Create Policy

JFrog REST APIs
Content Type
REST API

Description: Creates a new lifecycle policy. A policy defines enforcement mode, the lifecycle action (stage/gate), the scope (project or application), and the rules to apply.

Usage: POST https://{{artifactory-host}}/unifiedpolicy/api/v1/policies

Consumes: application/json

Request Body

Field

Type

Required

Description

name

string

Yes

Policy name.

description

string

No

Free-text description.

enabled

boolean

Yes

Whether the policy is active.

mode

string

Yes

Enforcement mode. One of: block, warning.

action

object

Yes

Lifecycle action governed by the policy.

action.type

string

Yes

Action type (e.g., certify_to_gate).

action.stage.key

string

Yes

Lifecycle stage key (for example, qa, production).

action.stage.gate

string

Yes

Lifecycle gate. One of: entry, exit, release.

scope

object

Yes

Where the policy applies (project-level or application-level).

scope.type

string

Yes

project or application.

scope.project_keys

array[string]

No

Projects to include (required for project scope).

scope.application_keys

array[string]

No

Applications to include (used with application scope).

scope.application_labels

array[object]

No

Label filters. Each entry has key and value.

rule_ids

array[string]

Yes

IDs of rules enforced by this policy.

Sample Request

POST 'https://{host}.jfrog.io/unifiedpolicy/api/v1/policies'
Content-Type: application/json
Authorization: Bearer <token>

{
  "name": "Production Security Policy",
  "description": "Block promotion on Critical CVEs",
  "enabled": true,
  "mode": "block",
  "action": { "type": "certify_to_gate", "stage": { "key": "production", "gate": "entry" } },
  "scope": { "type": "project", "project_keys": ["my-project"] },
  "rule_ids": ["12345","67890"]
}

Sample Response

{
  "id": "policy-1001",
  "name": "Production Security Policy",
  "enabled": true,
  "mode": "block",
  "action": { "type": "certify_to_gate", "stage": { "key": "production", "gate": "entry" } },
  "scope": { "type": "project", "project_keys": ["my-project"] },
  "rules": [{ "id": "rule-12345" }, { "id": "rule-67890" }],
  "created_at": "2025-10-09T10:30:00Z",
  "created_by": "admin",
  "updated_at": "2025-10-09T10:30:00Z",
  "updated_by": "admin"
}

Status Codes

Code

Description

201

Policy created successfully

400

Bad Request (validation error)

401

Unauthorized

403

Forbidden (insufficient permissions)

409

Conflict (duplicate name or invalid rule references)

500

Internal Server Error